This is currently doing the rounds, so I thought it pertinent to post
it here too.
http://www.webhostingtalk.com/showthread.php?p=6807475#post6807475
I don't know what nginx should do to fix this, but there are two
workarounds given.
If you allow file uploads (especially things like images) and use PHP
FastCGI in the back end, you should take a loot at this now.
The exploit allows for any arbitrary file which is uploaded, to be
executed as PHP.